security. Here’s a look at some security aspects to familiarize yourself with, as well as several settings you can use to protect Outlook 2010.

Centralized security

By default, Outlook maintains its security configuration locally. However, local configurations are ineffective in corporate environments because configuration changes must be applied manually. Thus, you’re better off centrally managing Outlook’s security. You have two options: You can use group policy settings, or store the security settings in designated public folders. Microsoft recommends using group policy settings as long as you don’t have any users on Outlook 2003 or earlier.

Group policy-based security

Active Directory does not contain any Outlook-related settings by default. To implement group policy settings for Outlook 2010 security, you must download the Office 2010 Administrative Template files and then add the templates to a domain controller’s central store.

There are two important things you should know about the Office 2010 Administrative Templates. First, the templates are version-specific. This means that if you still have users on Outlook 2007, any group policy settings implemented using the Office 2010 Administrative Templates won’t be applied to those users.

Second, Outlook 2010 ignores Outlook-related group policy settings by default. To change this behavior, first make sure the Office 2010 Administrative Templates are installed. Next, set the Outlook Security Mode group policy setting to Use Outlook Security Group Policy. This setting is found in the Group Policy Editor at User Configuration -> Policies -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Security Form Settings (Figure 1).

Figure 2. The Outlook Security Mode should be set to Use Outlook Security Group Policy.

Digital signatures

After installing the administrative templates, there are a number of security settings you can benefit from. For example, you can configure Outlook 2010 so that all outbound email messages are digitally signed. Digital signatures help prevent identity spoofing. To enable this setting, navigate through the Group Policy tree to User Configuration -> Policies -> Administrative Templates -> Microsoft Outlook 2010 -> Security -> Cryptography and enable the Sign All E-Mail Messages setting (Figure 3).

In Figure 3, you can also see an Encrypt all e-mail messages setting. Because email messages are normally sent in clear text, encryption is a great way to ensure that a message intercepted in transit does not expose its contents.

Though these two group policy settings are fairly simple, they depend on an underlying public key infrastructure (PKI). Signing and encryption require a public/private key pair that is based on X.509v3 certificates. These certificates can be generated using an enterprise certificate authority (CA) or can be acquired from a commercial CA. Office 2010 uses these certificates to create a digital identity for each user.
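To check on a client that these settings actually arrived, the following PowerShell audit reads the per-user policy values behind the Outlook Security Mode, Sign all e-mail messages and Encrypt all e-mail messages settings. It is an added example, not part of the original article; the registry path and value names are those defined by the Office 2010 Administrative Templates rather than given in the article, and Test-OutlookPolicy is a hypothetical helper name.

```powershell
# Added example: audit the per-user policy values behind the three Outlook 2010
# group policy settings discussed above. Run it in the affected user's session,
# because the settings live under User Configuration (HKCU).
# Assumption: key path and value names come from the Office 2010 Administrative
# Templates, not from the article.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Office\14.0\Outlook\Security'

# Value name -> required DWORD and the group policy setting it backs.
$Expected = @(
    @{ Name = 'AdminSecurityMode'; Want = 3; Setting = 'Outlook Security Mode: Use Outlook Security Group Policy' }
    @{ Name = 'AlwaysSign';        Want = 1; Setting = 'Sign all e-mail messages' }
    @{ Name = 'AlwaysEncrypt';     Want = 1; Setting = 'Encrypt all e-mail messages' }
)

function Test-OutlookPolicy {
    param(
        [string]$Key = $PolicyKey,
        [object[]]$Checks = $Expected
    )

    # A missing key means no Outlook security policy reached this user at all.
    $props = $null
    if (Test-Path -LiteralPath $Key) {
        $props = Get-ItemProperty -LiteralPath $Key
    }

    foreach ($check in $Checks) {
        $actual = $null
        if ($props -and $props.PSObject.Properties[$check.Name]) {
            $actual = $props.PSObject.Properties[$check.Name].Value
        }

        # Keep "never configured" apart from "configured with another value":
        # the first usually means the GPO or templates never applied, the
        # second that a different value was set for this user.
        if ($null -eq $actual)           { $status = 'NotConfigured' }
        elseif ($actual -eq $check.Want) { $status = 'Compliant' }
        else                             { $status = 'Mismatch' }

        [pscustomobject]@{
            Setting = $check.Setting
            Value   = $check.Name
            Wanted  = $check.Want
            Actual  = $actual
            Status  = $status
        }
    }
}

Test-OutlookPolicy | Format-Table -AutoSize
```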

Although users can create and store a digital ID locally on their desktop, it’s better to store digital IDs centrally in corporate environments. You have three options for storing digital IDs.

The recommended method is to store digital IDs in the global address list (GAL). Any certificates generated by a CA or Active Directory Certificate Services are automatically published to the GAL. You can also manually publish externally generated certificates to the GAL.

Figure 4. You can publish a digital ID to the GAL directly through Outlook 2010.

Finally, you also have the option to either store certificates in an LDAP-based directory service or export the digital IDs and store them directly on your users’ desktops. I recommend publishing digital IDs to the GAL whenever possible.

ABOUT THE AUTHOR: Brien Posey is an eight-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Brien worked as a CIO for a national chain of hospitals and healthcare facilities. He has also served as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.
